On Friday, Google told The Washington Post that it was accelerating the implementation of end-to-end encryption between its data centers worldwide.

The search giant did not immediately respond to a request for comment from Ars.

“Google has data centers around the world, and when you have an e-mail stored, it’s stored at [something like] six data centers around the world,” Chris Soghoian, a privacy expert at the American Civil Liberties Union, told Ars. “Every single bit of data is now going to be encrypted, so now if the government is listening to that fiber, they won’t get that data.”

Of course, as Google and other companies are facing significant and varied vectors of attack from spy agencies—most notably the National Security Agency—this new defense tactic would probably only protect Google and its users from direct fiber taps, not any other forms of accessing user data and related keys.

“This is Google addressing the threat of interception one piece at a time,” Soghoian added.

The Post added that “Google officials declined to provide details on the cost of its new encryption efforts, the numbers of data centers involved, or the exact technology used,” and it added that “the project is likely to be completed soon, months ahead of the original schedule.”

Seems to me that because Google has to comply with (and not report) NSLs, this ultimately is more for show.

It's not just for show. The NSA seems to prefer low-profile methods of spying on people, so raising the bar is always good. Yes, they can still get specific people's data with NSL's, but it should be much harder for them to get *everything*.

Google are probably mainly doing this to protect from foreign government spying (i.e. Russia, China) and perhaps in an attempt to fool everyone into believing they're not totally compromised and at the mercy of the NSA.

Google can't seriously pretend this will combat the NSA because

a) Google is a company and therefore amoral - the NSA's activities and civil liberties are irrelevant to making profit for its shareholders and

b) they're US based and must comply with the "Patriot Act" and National Security Letters.

Google are probably mainly doing this to protect from foreign government spying (i.e. Russia, China) and perhaps in an attempt to fool everyone into believing they're not totally compromised and at the mercy of the NSA.

Google can't seriously pretend this will combat the NSA because

a) Google is a company and therefore amoral - the NSA's activities and civil liberties are irrelevant to making profit for its shareholders and

b) they're US based and must comply with the "Patriot Act" and National Security Letters.

The NSA stuff is high-profile enough that they stand to gain or lose business based on customers' perception of privacy. Even strictly from a business standpoint, I think it's in Google's best interest to minimize snooping or at least make it appear as if they are trying to do so.

Google are probably mainly doing this to protect from foreign government spying (i.e. Russia, China) and perhaps in an attempt to fool everyone into believing they're not totally compromised and at the mercy of the NSA.

Google can't seriously pretend this will combat the NSA because

a) Google is a company and therefore amoral - the NSA's activities and civil liberties are irrelevant to making profit for its shareholders and

b) they're US based and must comply with the "Patriot Act" and National Security Letters.

Google's business is based entirely around faith and mind share. If people no longer see Google as a desirable company to do business with, they lose business. It's not like telecoms where there are local monopolies. If growth begins to slow in some sector (say Gmail sign ups grow by only 0.5% in two consecutive quarters), someone will have their boss asking questions. That person will probably explain that people are concerned about snooping which is constricting growth. The boss will tell them to alleviate that concern. Plus, if the NSA can get in, others can - and Google doesn't just send our data over their networks, they send important, long-term strategic information too. The NSA wouldn't care much about those, but Microsoft would. The NSA has shown us that they are FAR from invulnerable - one fairly low level contractor was able to shatter their secrecy.

I've spoken with a friend who works for Google about the NSA snooping scandals, and he says that most Googlers feel mostly the same as the rest of us. They use Google services too, after all.

Every little bit helps. I can't stand the argument you will hear that says "yes, but what about such and such... that is still a vulnerability". Please stfu with that argument.

If you have a sign on your house that says "come in and take anything you want" and you then remove the sign your stuff is more safe. If you then close the door it is safer still. If you lock the door, safer still. And so on and so on.

Google is putting in a real barrier to the fiber tap here. That is significant. One thing the NSA likes to do is dragnet. Just scoop up as much data as possible anywhere possible. Maybe they will use it against you in 20 years. That is their thinking.

This just slows them down which is good. When Google is done with this they can erect another barrier. Kudos to Google.

I assume it isn't their fiber between all of their data centers. Why wasn't this already encrypted? Is it not standard to encrypt traffic over WAN links? Or is it that the standard encryption used for that is one of the potentially compromised methods.

What's the point anyway? All that's necessary is a Warrant Order (sometimes not even that) and *bam* your emails belong to the government. Which government? ANY government if Google or any tech giant wants to continue doing business within that nation.

I assume it isn't their fiber between all of their data centers. Why wasn't this already encrypted? Is it not standard to encrypt traffic over WAN links? Or is it that the standard encryption used for that is one of the potentially compromised methods.

If it isn't standard, it certainly should be, and Google's move might inch us closer to that - IF its peers and competitors perceive that it has some effect on business, and follow suit, that is.

Some organizations may not do server-to-server encryption, if the two machines or networks are within their own organization, logically. Perhaps that's legacy, "one facility" thinking, but it needs to change. Even with machines or networks that are within the same physical facility, it should still be standard practice, so that any arm or leg of the network can later be placed somewhere else, physically, with no worries about leakage. LAN or WAN shouldn't matter.

Now, whether or not the encryption technology is compromised, well, I dunno. I think I trust Google to know - but not to tell us.

Ok, so I've been an engineer at Google for over 3.5 years. All details of Google's datacenter security practices are considered highly confidential, yet they are available for any Google engineer to read. None of it leaks because there aren't any backdoors to the NSA anywhere for anyone to find. That's point #1.

Point #2 is that the non-encrypted inter-datacenter links have been a known vulnerability for some time for large government spy organizations like the NSA and GCHQ with the means and motive to tap them, but Google did not want to make that information known to the public until the engineering work to encrypt all of these connections was well under way.

Since nearly all Googlers, including myself and the founders, obviously, are also Google users for all of our private and personal business. Google considers the NSA as a whole just as much an adversary as the Chinese military or any other government agency. As Bearologist said, Google's business is highly dependent on users trusting us to keep their data private and protected.

These NSL's have been very harmful to the reputations of all of the American cloud companies, but they only apply to the thousands or tens of thousands of specific individuals and account names that the government is providing to the respective companies. There's no global side channel funneling everyone's data to the NSA.

What apparently was going on was that the inter-datacenter cables had been tapped. Clearly the entire length of a transcontinental or undersea fiber cable isn't under Google's control and passive tapping has been known to be an issue. I think some of the links are rented, rather than owned, as well.

As to why the inter-datacenter links haven't always been protected with strong encryption, that's an issue of cost at scale. AES isn't free, and when you're dealing with X gigabits/second streaming through the link, the cost becomes significant. Now that newer Intel chips have built-in AES support and hardware routers have also recently become available to create strong encrypted tunnels between high-speed WAN endpoints, it's feasible for Google and other cloud providers to turn encryption on for all traffic, and thus thwart whatever taps have been placed on those cables by the spies.

(Usual disclaimer: this is all my personal opinion. I'm not speaking for or on behalf of Google.)

I assume it isn't their fiber between all of their data centers. Why wasn't this already encrypted? Is it not standard to encrypt traffic over WAN links? Or is it that the standard encryption used for that is one of the potentially compromised methods.

No, it's not standard to encrypt over private circuits you lease. Despite everyone's opinion on the matter.

As pointed out elsewhere, think how many internal Enterprise networks are tapped.

This is kind of meaningless after yesterday's revelations about the NSA/GCHQ's encryption cracking power. We don't know what they can crack, we don't know what Google is using, we don't know if there are any backdoors in the hardware or if there's a mole engineer subverting it all.

It's going to be very hard to get that trust back especially after Google was caught lying about their involvement when this first broke.

I assume it isn't their fiber between all of their data centers. Why wasn't this already encrypted? Is it not standard to encrypt traffic over WAN links? Or is it that the standard encryption used for that is one of the potentially compromised methods.

No, it's not standard to encrypt over private circuits you lease. Despite everyone's opinion on the matter.

As pointed out elsewhere, think how many internal Enterprise networks are tapped.

It sounds like the hardware to create an encrypted tunnel between WAN endpoints isn't as mature as I would have guessed (I'm obviously not a network guy).

I'd be interested to see a pre-NSA leak risk analysis on not encrypting the WAN links and the business justification for keeping it clear; for Google or any other service provider that operates at their scale.

Seems to me that because Google has to comply with (and not report) NSLs, this ultimately is more for show.

No. What this prevents is wholesale collection of massive amounts of user data via fiber taps. The government couldn't create NSLs fast enough to collect even a tiny smidgen of a fraction of the data that just can be sucked in via a fiber tap.

Sounds like a natural extension of Google's business model - whoring out their users. They already collect, archive, sort and sell all information on their users the NSA could possibly want (which was already disturbing before the Snowden leaks). They create instant shareholder value if they can sell it to the NSA (they've already done the "work"). Problem is, NSA can likely access Google's database without paying a cent. They can't get that Signet money if the NSA can get that information without paying. Shut out the NSA, and the NSAs wallet will open.

Almost all Google services are free. The whoring out you claim is just an agreement between the user and Google so the bills get paid.

Google is not whoring out their users. They trade services for them. And Google does not really sell user information, it simply tracks it and then connects users with advertisers. I am not sure you really understand Google's business model.

...I cancelled my Google apps account a few weeks ago. This news today is not enough to make me go back, even though I've already had a few teething issues with the replacement.

Well, don't leave us hanging. Are you going cold turkey on spreadsheets and word processors? Did you get a MS Office subscription? Did you switch to some crappy open source suite nobody else uses and you regret your decision? Are you going fully tablet for your office app needs? Lead by example, don't just bitch.

...I cancelled my Google apps account a few weeks ago. This news today is not enough to make me go back, even though I've already had a few teething issues with the replacement.

Well, don't leave us hanging. Are you going cold turkey on spreadsheets and word processors? Did you get a MS Office subscription? Did you switch to some crappy open source suite nobody else uses and you regret your decision? Are you going fully tablet for your office app needs? Lead by example, don't just bitch.

What exactly is the new security model you have that is so superior?

I'm paying $$$ for a VPS in my home country (where bandwidth is very expensive) with a hosting company I trust (I work for them, which is why I won't tell you who it is... conflict of interest and all that. You can google my name to find out who I work for), running cPanel (which is also expensive and mostly open source).

It doesn't make my email secure unless the person I'm communicating with has also set up S/MIME encryption, but it does show that I'm not willing to use any company that is based in America and cooperating with the NSA. If enough people do what I did, maybe Google/etc will put pressure on the US government to change their laws and policies.

I never used google apps for spreadsheets/word documents. I was only using it for email.

Almost all Google services are free. The whoring out you claim is just an agreement between the user and Google so the bills get paid.

Google is not whoring out their users. They trade services for them. And Google does not really sell user information, it simply tracks it and then connects users with advertisers. I am not sure you really understand Google's business model.

Really? Seems you're not quite sure what Google does. Google collects everything they possibly can on their individual users (and people who don't use their services - via their own ads, google analytics and whatnot) and advertisers call asking for people matching a specific profile. Google finds someone and then serves up that person on a silver platter. Better yet, if the person clicks the ad, the advertiser knows that individual fits their profile. No guesswork involved. They know. That's whoring out your users.

Purveyors of advertising don't have to whore out their users and can do pretty well without it. Ask most types of media - TV, newspapers, signage, radio, movies, non-tracking web ads, etc. When they sell ad space, all they know about the people that see the ad is they likely consume the specific product the ad is tied with. They may show advertisers the typical demographics their users tend to fall into (which they constructed using external surveys and whatnot) but what can they say about an individual who was "served" the ad? Nothing, except they saw it. They don't even have a list of names of people who did see it. That's not whoring out your users. That's selling ad space.

Having been involved with a few cable landing stations, I can say there is always reserved space for [insert client/agency], just as there are always tax department routers in bank data centres. It becomes national interest if it's an international link.

One of the companies we've done things for offers Comms switching to ensure data does not trunk through certain links, countries or cables. I imagine though the cost of setting up a consumer grade email service like gmail with trusted path links would be exceedingly expensive - so to see google perhaps take a step toward something where links between data centres is nice to see - they've done it at their cost. It's doubtful very much there is an evil core of executives looking to provide back doors within Google. I would be mortified if I had crafted something like Gmail, only to find international entities had penetrated and made vulnerable my users. Just like some googlers have said they are disappointed, they likely really are.

Unfortunately things look like it has gotten out of hand - I actually think we're even less safe now that the leaks from Ed Snowden have surfaced, now there is going to be an escalation of Agencies to retain and improve their methods and legislation. On the other side there is so much apathy and complacency by society as a whole toward security and privacy, that I'm glad he did leak this stuff - but I wouldn't be surprised to see things forgotten soon. Even people close to me don't know about NSA leaks - so I don't have much hope here for us - so companies like Google have to watch out for the rest of us, because I don't think most care or will even know.

Ok, so I've been an engineer at Google for over 3.5 years. All details of Google's datacenter security practices are considered highly confidential, yet they are available for any Google engineer to read. None of it leaks because there aren't any backdoors to the NSA anywhere for anyone to find. That's point #1.

[...]

Since nearly all Googlers, including myself and the founders, obviously, are also Google users for all of our private and personal business. Google considers the NSA as a whole just as much an adversary as the Chinese military or any other government agency. As Bearologist said, Google's business is highly dependent on users trusting us to keep their data private and protected.

These NSL's have been very harmful to the reputations of all of the American cloud companies, but they only apply to the thousands or tens of thousands of specific individuals and account names that the government is providing to the respective companies. There's no global side channel funneling everyone's data to the NSA.

We can't trust you. I'm sorry. I want to, but I can't.

The sad part is, even if Google has a record of always being completely transparent, completely honest, we still can't trust you.

That, I think, is the worst part of this whole NSA/NSL thing: people and companies we have trusted in the past have become untrustable. That's not even a word, but untrustworthy doesn't even work here. I feel Google, alongside a few other companies, is worthy of my trust.

Edit: Perhaps I should explain more than just try and make witty comments. I'm not saying that the NSA or anyone else should have all my data, but I do think it is a bit much to treat Google like some white knight. Yes I know I give them all my data, and they provide free services in return, but they still seem to do whatever they want with my data.

I wonder if the (tiny) silver lining in this whole NSA fiasco is that proper encryption is becoming a more mainstream topic of conversation. If the desire for truly end to end encrypted communication really takes hold (and I suspect it will do so outside of U.S. borders first simply because - for citizens of the world other than the United states - the idea of a foreign government reading your email is doubly repugnant) then perhaps technologies will be developed that make it easier and more common than it is today. Right now, using proper encryption for email is an enormous hassle with public and private keys and what not. Trying to use it for anonymous web use is even harder.

Perhaps as a backlash all communication will someday be encrypted at the source (using strong and verifiable algorithms) and not be unencrypted until it arrives at its destination and be done in a manner that is easy to set up and use.*

Of course, to do something like this new technologies will have to be invented but this situation might just be the catalyst that pushes the research into the forefront.

*there will always be ways of getting at targeted individuals... key loggers, viruses, back doors, sloppy software implementations, etc. I'm just thinking that maybe strong, publicly verified encryption might become so ubiquitous that it stops the wholesale vacuuming up of everyone's data without warrant or differentiation.

I assume it isn't their fiber between all of their data centers. Why wasn't this already encrypted? Is it not standard to encrypt traffic over WAN links? Or is it that the standard encryption used for that is one of the potentially compromised methods.

No, it's not standard to encrypt over private circuits you lease. Despite everyone's opinion on the matter.

As pointed out elsewhere, think how many internal Enterprise networks are tapped.

Whatever Google does, American software and hardware companies lost my trust for ever. We now know, one thing is what they say in public, and the other, is what they do in our back because secret laws don't allow them to say they are spying and weakening our software and hardware for their government.

It is "ok" government can access email account and cloud files, but this should be done transparently, through court orders. Not secretly on our backs. If Americans want my business, better give me the same rights as an American, and not simply assume because I am a European they can look to my data at will.

The cloud in terms of files, for me, is now essentially my home, with a Synology server, and someone else's home, where I rsync my files (through an encrypted connection and with files encrypted).

And, as soon as Mailpile has its version 1.0, and I'll have a little free time, I think I'll just install my own mail server at home.